Sandboxie and different levels of protection

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by DjKilla, Aug 3, 2022.

  1. DjKilla

    DjKilla Registered Member

    Just checking if I understand the different levels of protection.

    1) If you have a web browser sandboxed and come across a virus/program, the virus/program can't change/write or encrypt files on your computer but 'it could' run in the sandbox and read a file (like secret info in a text file) anywhere on your computer and send that info over the internet to the bad guy.

    2) If you add Data Protection, then the virus/program could do the same as above but will ONLY be able to access HKLM, C:\Windows, C:\Program Files, C:\Program Files (x86) and files/folders you add to Resource Access.

    3) If you add a web browser to Internet Restrictions and choose 'Set network/internet access for unlisted processes' to 'Block by denying access to network devices' then the virus/program still can't change/write or encrypt files but could run in the sandbox and read the files on your computer but would not be allowed to use the internet/network to send the info to the bad guy.

    Are all of these examples correct?

     
    Last edited: Aug 3, 2022
  2. DavidXanatos

    DavidXanatos Developer

    For the most part yes, but if you have a web browser that is allowed to access the internet in the same box as your virus/program the virus/program could leverage the web browser to bypass the internet block.
     
  3. simbun

    simbun Registered Member

    Assuming your browser isn't installed in the sandbox, I believe you also want to restrict what can run in the sandbox (Start Restrictions) e.g. Firefox.exe, pingsender.exe, rundll32.exe etc.
    This should provide even more protection as a virus shouldn't even be able to run - until someone corrects me otherwise!
     
  4. DjKilla

    DjKilla Registered Member

    @david - That was the answer I was looking for. Thanks!

    @simbun - I was hoping to bypass Start Restrictions by using the options I listed in my first post, especially the Internet Restrictions option, to make setting up everything faster and easier. I don't mind having another program/virus run in the sandbox as long as it stays there and doesn't relay any personal info through the internet to someone else, but David pointed out that the program/virus would be stopped by Internet Restrictions BUT could use the web browser that does have access to the internet to possibly piggyback and gain access that way. I never thought of that, so it's back to using Start Restrictions again, which is better overall to keep any unauthorized programs or viruses from starting to begin with. I'll just have to take the time to add not only the programs I use like Firefox, Microsoft Edge, etc., but also the extra programs needed like RuntimeBroker.exe, identity_helper.exe, etc.

    Thanks again for the replies!
     
  5. bjm_

    bjm_ Registered Member

    FWIW ~ my [UserSettings_nnnnn]
    Code:
    SbieCtrl_HideMessage=1308, RuntimeBroker.exe [Edge]
    SbieCtrl_HideMessage=1308, identity_helper.exe [Edge]
    Edge is my daily rider.
     
  6. DjKilla

    DjKilla Registered Member

    @bjm - Yea, I decided not to hide the messages since these are legitimate and sometimes required programs needed for Microsoft Edge. I just added them to the Start Restrictions so everything runs sandboxed but doesn't access the internet. Only my Firefox, Thunderbird and Microsoft Edge have access to the internet through Internet Restrictions. Since I'm using Start Restrictions, I no longer have to worry about any other programs or viruses running because they can't. Only the programs I choose can run in Start Restrictions, which almost overrides the other choices in my first post. In the end, it's all about how far you want to go depending on your threat level. Each option gives a little bit more protection and control. In the first post, all I wanted was to keep a program/virus from accessing and relaying info from anywhere on my computer. Since the program/virus would be caught in the sandbox I didn't have to worry about my computer being infected but was concerned about stopping the program/virus from reading files and relaying that info to the bad guy somewhere on the internet. I didn't know or think that the program/virus could leverage my web browser to gain that internet access and relay the info. So Start Restrictions put a stop to that. Anyway, I know you know already about all this since you've been around here a while but hopefully this post can help others reading this to understand and create their own setup. I listed some additional info below for anyone seeking additional info.

    What is RuntimeBroker.exe?
    https://www.howtogeek.com/268240/what-is-runtime-broker-and-why-is-it-running-on-my-pc/

    What is identity_helper.exe?
    https://www.askvg.com/what-is-identity-helper-exe-process-running-in-task-manager-in-windows-10/

    What is CompPkgSrv.exe?
    https://www.what-is-exe.com/comppkgsrv-exe/

    What is dllhost.exe?
    https://www.groovypost.com/reviews/dllhost-windows-process-explained/

    What is pingsender.exe?
    https://www.ghacks.net/2017/10/14/what-is-pingsender-exe-on-windows/

     
    Last edited: Aug 5, 2022
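
An added example, not written by any poster in this thread or by the Sandboxie project: a small audit that flags sandboxes where some program is exempted from the internet block while Start Restrictions are absent, the combination DavidXanatos describes in post 2. The `ClosedFilePath`, `ClosedIPC` and `ProcessGroup` key names follow the classic Sandboxie.ini layout and are an assumption here; the box names and the sample file are constructed.

```python
import re

# Constructed sample; key names assume the classic Sandboxie.ini layout.
SAMPLE_INI = """\
[BrowserBox]
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ProcessGroup=<InternetAccess>,firefox.exe,msedge.exe

[LockedBox]
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ProcessGroup=<InternetAccess>,firefox.exe
ClosedIPC=!<StartRunAccess>,*
ProcessGroup=<StartRunAccess>,firefox.exe,RuntimeBroker.exe
"""

def parse_ini(text):
    """Return {section: [(key, [values])]}; keys repeat, so configparser won't do."""
    boxes, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = boxes.setdefault(header.group(1), [])
        elif current is not None and "=" in line:
            key, value = line.lower().split("=", 1)
            current.append((key.strip(), [p.strip() for p in value.split(",")]))
    return boxes

def exempt_programs(settings, key, target):
    """Programs a '!name' or '!<group>' prefix exempts from a rule; None if no rule."""
    groups, found = {}, None
    for k, v in settings:
        if k == "processgroup":
            groups.setdefault(v[0], set()).update(p for p in v[1:] if p)
    for k, v in settings:
        if k == key and len(v) == 2 and v[1] == target and v[0].startswith("!"):
            name = v[0][1:]
            members = groups.get(name, set()) if name.startswith("<") else {name}
            found = (found or set()) | members
    return found

def audit(text):
    """Map each box with internet-allowed programs but no start restriction to them."""
    report = {}
    for box, settings in parse_ini(text).items():
        online = exempt_programs(settings, "closedfilepath", "internetaccessdevices")
        startable = exempt_programs(settings, "closedipc", "*")
        if online and startable is None:
            report[box] = sorted(online)
    return report
```

On the constructed sample, `audit(SAMPLE_INI)` reports only `BrowserBox`: any process that starts there runs alongside `firefox.exe` and `msedge.exe`, which keep their network access.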
  7. bjm_

    bjm_ Registered Member

    Okay, interesting information. I've decided they do not need to run; they do not need internet access. Just me.
     